bartcop has worm virus

Note from Bartcop (e-scribed by MicheleK - BartCook):

Computer problems - was Bart hacked!?!?!! -- the next issue should be up tomorrow.
In the meantime, the 'BartGeek' has been called, and they await his wisdom at the Bart Mansion.
Send email to xxxxxxx for now, he'll try to get back to you asap!!

Note from Marc Perkel - Actually - Bartcop wasn't hacked - he has that new msblast.exe worm. This is a serious virus unlike anything I've seen before. This virus has nothing to do with email and you can be infected by just being connected to the internet. This message applies to EVERYONE running ANY version of WINDOWS - DO THIS! If you are running windows you should do the following:

Start Task Manager. Click the process tab. Look for a program called msblast.exe. If you see it - kill the process.

Go to Microsoft's Windows Update and install all the critacal updates. It is extremely important that you do this. If you do not install these updates - you will get invected!!!!

If you can't connect to Microsoft - here's part of a self fix. Select RUN and type in regedit. Walk through the tree looking for this key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Which will contain - "windows auto update"="msblast.exe" - DELETE THIS KEY!


You will find a file called c:\windows\system32\msblast.exe - DELETE THIS FILE!

Don't wait till you're already infected to fix this. You need to deal with this before it happens if you are not infected already. Until you apply these patches - your computer is vulnerable to all kinds of attacks.

Tell all your friends who are running Windows to do the same - spread the word!

For more information - check out the Norton Anti-virus site.

A public service announcement brought to you by your friends at Bartcop.com.

running Windows XP & Windows 2000, earlier versions are ok, according to our IT people.

LA

on the windows update website that kicks in then.

according to cnet

http://reviews.cnet.com/4520-6600_7-5062389.html?tag=cnetfd.sd

"MSBlast contains a denial-of-service (DoS) attack aimed at Microsoft's windowsupdate.com. The attack will start on August 15 and continues throughout the end of the year. MSBlast updates the system Registry with the following line so that it will run each time the computer is rebooted."

Here is the windows update address

http://v4.windowsupdate.microsoft.com/en/default.asp

I spent several hours into the early am working on this. The fix is on gateway's support site as well as symantec.

I might add you need to disable System Restore before scanning for virus, deleting the files, deleting registry value, empty trash, enable system restore.

I'd also suggest getting the critical updates from Microsoft.

If you have this..it's fixable.

If you don't, It's worth checking it.

It's a worm which does not affect Windows 95/98/ME. Other versions (including XP) have patches available here:

http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp

Everyone running XP or NT should get this patch immediately.

More information is available here:

http://www.informationweek.com/story/showArticle.jhtml?articleID=13100032

Still more info:

http://www.microsoft.com/security/incident/blast.asp

Be aware the Microsoft patch you point to does NOT fully resolve the exploit. (I'm not saying not to get the patch to anyone - by all means get it)

However, you are still vulnerable to this exploit. It is simply carried out in a different manner.

If you have an effective firewall though you're ok.

Thanks for the heads up.

I downloaded the patch and now I'm getting a run.dll error on startup. What's it mean?

according to my firewall.

but he wouldn't listen to me.

with your ports locked down, you shouldn't have problems. For the past two days or so, I've been getting 5-20 probes to port 135 an hour -- must be a ton of infected PCs out there.

and there have been about 400 scans turned down on 135 today.

lately that say "Win32 has failed" or something like that. Is that the virus? I set up my firewall and am downloading the patch. Is there anything else I need to do?

for over a week.

it took two days to diagnose and fix... no fun there. Whomever writes these pieces of malicious code, if caught, should be sent to minister to ebola victims for 6 months at a stretch.

1. Disconnect Windows machine from outlet

2. Disconnect hard drive from all monitors, periphs etc

3. Carry Windows HD to 2nd-floor window

4. Drop Window HD out of 2nd-floor window, preferrably a window above a concrete driveway

5. Pick up phone

6. Call Apple and order a new Mac!


:think:

they would be subject to all manner of threats. ANY operating system that exposes itself to the outside world can be compromised.

and Mac will probably never have more than 5% of the market so virus writers will never really bother themselves with the Mac platform.

So, my attempt-at-humor solution still stands.

BTW - I've had viruses on my Mac before, just alot fewer chances at getting them than I've experienced on PCs I also use.

.....started by Will Pitt. Can someone recommend a good firewall? :evilgrin:

Post #28 has a few links Apple owners really should visit! :)

Doing it on his laptop.

http://www.bartcop.com